URL: http://tantw.buzz/
Submission: On October 02 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 119.18.55.156, located in India and belonging to PUBLIC-DOMAIN-REGISTRY, US. The main domain is tantw.buzz.
This is the only time tantw.buzz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banco BHD (Banking)

Domain & IP information

IP Address | AS Autonomous System
8 requests | 119.18.55.156 | 394695 (PUBLIC-DO...)
2 requests (1 redirect) | 91.235.132.130 | 30286 (THM)
Totals: 9 requests | 3 IPs

Apex Domain | Subdomains | Transfer
8 requests | tantw.buzz | tantw.buzz | 9 MB
2 requests | online-metrix.net | h.online-metrix.net (Cisco Umbrella Rank: 4731) | 922 B
Totals: 9 requests | 2 apex domains

Domain | Requested by
8 requests | tantw.buzz | tantw.buzz
2 requests (1 redirect) | h.online-metrix.net | tantw.buzz
Totals: 9 requests | 2 domains

This site contains no links.

This page contains 2 frames:

Primary Page: http://tantw.buzz/
Frame ID: 2F1AF6854BA0404734D76697A67AB640
Requests: 3 HTTP requests in this frame

Frame: http://tantw.buzz/login.php
Frame ID: 7A599F64EBED302D5645D9677A38273A
Requests: 7 HTTP requests in this frame


Page Statistics

Requests: 9
HTTPS: 0 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 2
Transfer: 9716 kB
Size: 9717 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 8
  • https://h.online-metrix.net/fp/clear.png?org_id=po639cr6&session_id=1NTvRB1lvJe8JoeL3IySbmH&m=1 HTTP 302
  • https://h.online-metrix.net/fp/clear.png?org_id=po639cr6&session_id=1ntvrb1lvje8joel3iysbmh&k=1

9 HTTP transactions

Resource | Path | Size | x-fer | Type / MIME-Type
Primary Request / | tantw.buzz/ | 2 KB | 2 KB | Document
General
Full URL
http://tantw.buzz/
Protocol
HTTP/1.1
Server
119.18.55.156, India, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
Reverse DNS
119-18-55-156.webhostbox.net
Software
Apache
Resource Hash
e965e97a5eabab9948052b5e250adbb51de8192f8e7bdc775197b253cc90a048

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Mon, 02 Oct 2023 18:01:22 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Transfer-Encoding
chunked
logo-1.png | tantw.buzz/ | 151 KB | 151 KB | Image
General
Full URL
http://tantw.buzz/logo-1.png
Requested by
Host: tantw.buzz
URL: http://tantw.buzz/
Protocol
HTTP/1.1
Server
119.18.55.156, India, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
Reverse DNS
119-18-55-156.webhostbox.net
Software
Apache
Resource Hash
cb35b59fcbcba73d2980e821fa66cc5e41e47e37d28e8c519e4c7fd4e89231ad

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://tantw.buzz/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 02 Oct 2023 18:01:22 GMT
Last-Modified
Fri, 13 Jan 2023 01:11:24 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
154271
login.php | tantw.buzz/ Frame 7A59 | 490 KB | 490 KB | Document
General
Full URL
http://tantw.buzz/login.php
Requested by
Host: tantw.buzz
URL: http://tantw.buzz/
Protocol
HTTP/1.1
Server
119.18.55.156, India, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
Reverse DNS
119-18-55-156.webhostbox.net
Software
Apache
Resource Hash
dc6ed2b667734e7fa876324c0e1c76eed47eb8ccff9b081d854440236cc6ff76

Request headers

Referer
http://tantw.buzz/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Mon, 02 Oct 2023 18:01:22 GMT
Keep-Alive
timeout=5, max=100
Server
Apache
Transfer-Encoding
chunked
fondo.png | tantw.buzz/ | 9 MB | 9 MB | Image
General
Full URL
http://tantw.buzz/fondo.png
Requested by
Host: tantw.buzz
URL: http://tantw.buzz/
Protocol
HTTP/1.1
Server
119.18.55.156, India, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
Reverse DNS
119-18-55-156.webhostbox.net
Software
Apache
Resource Hash
3b1fd682688fc663e94ece5ae7a252f35a1e2c5ebb4878c6c812ae618e3cad24

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://tantw.buzz/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 02 Oct 2023 18:01:22 GMT
Last-Modified
Mon, 25 Sep 2023 09:18:38 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
8959022
mashup_ra_collection | tantw.buzz/datosm/ Frame 7A59 | 0 | 0 | Stylesheet
General
Full URL
http://tantw.buzz/datosm/mashup_ra_collection
Requested by
Host: tantw.buzz
URL: http://tantw.buzz/login.php
Protocol
HTTP/1.1
Server
119.18.55.156, India, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
Reverse DNS
119-18-55-156.webhostbox.net
Software
Apache
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://tantw.buzz/login.php
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 02 Oct 2023 18:01:24 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
truncated | / Frame 7A59 | 3 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
- (inline data: URL; no server, reverse DNS or software)
Resource Hash
f7c4c0dd579cdf41eab5e9235c67a4d6589a4511284821b5b1bda23b703b0af6

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://tantw.buzz/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Type
image/jpeg
clear(7).png | tantw.buzz/datosm/ Frame 7A59 | 315 B | 315 B | Image
General
Full URL
http://tantw.buzz/datosm/clear(7).png
Requested by
Host: tantw.buzz
URL: http://tantw.buzz/login.php
Protocol
HTTP/1.1
Server
119.18.55.156, India, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
Reverse DNS
119-18-55-156.webhostbox.net
Software
Apache
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://tantw.buzz/login.php
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 02 Oct 2023 18:01:24 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
maquetasprite.png | tantw.buzz/ Frame 7A59 | 320 KB | 320 KB | Image
General
Full URL
http://tantw.buzz/maquetasprite.png
Requested by
Host: tantw.buzz
URL: http://tantw.buzz/login.php
Protocol
HTTP/1.1
Server
119.18.55.156, India, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
Reverse DNS
119-18-55-156.webhostbox.net
Software
Apache
Resource Hash
0d74446e7e0a7838b016a172c8cda9c4e6239358c6e335b98c2ef6e8864dac72

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://tantw.buzz/login.php
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 02 Oct 2023 18:01:24 GMT
Last-Modified
Fri, 13 Jan 2023 01:29:48 GMT
Server
Apache
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
327363
login.php | tantw.buzz/ Frame 7A59 | 2 KB | 2 KB | Image
General
Full URL
http://tantw.buzz/login.php
Requested by
Host: tantw.buzz
URL: http://tantw.buzz/login.php
Protocol
HTTP/1.1
Server
119.18.55.156, India, ASN394695 (PUBLIC-DOMAIN-REGISTRY, US)
Reverse DNS
119-18-55-156.webhostbox.net
Software
Apache
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://tantw.buzz/login.php
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date
Mon, 02 Oct 2023 18:01:24 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
clear.png | h.online-metrix.net/fp/ Frame 7A59 | 81 B | 474 B | Image
Redirect Chain
  • https://h.online-metrix.net/fp/clear.png?org_id=po639cr6&session_id=1NTvRB1lvJe8JoeL3IySbmH&m=1
  • https://h.online-metrix.net/fp/clear.png?org_id=po639cr6&session_id=1ntvrb1lvje8joel3iysbmh&k=1
General
Full URL
https://h.online-metrix.net/fp/clear.png?org_id=po639cr6&session_id=1ntvrb1lvje8joel3iysbmh&k=1
Requested by
Host: tantw.buzz
URL: http://tantw.buzz/login.php
Protocol
HTTP/1.1
Server
91.235.132.130, United States, ASN30286 (THM, US)
Reverse DNS
h.online-metrix.net
Software
Apache
Resource Hash
95518cbec0d55a574a9c8ef72a2a7d62ac0d40a4de5dfe67a76a7d214dc8b743
Security Headers
Name | Value
Strict-Transport-Security | max-age=31536000
X-Content-Type-Options | nosniff
X-Xss-Protection | 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://tantw.buzz/
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Pragma
no-cache
Date
Mon, 02 Oct 2023 18:01:24 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Server
Apache
Content-Type
image/png
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=2, max=99
Content-Length
81
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date
Mon, 02 Oct 2023 18:01:24 GMT
Strict-Transport-Security
max-age=31536000
Server
Apache
P3P
CP=IVAa PSAa
Location
https://h.online-metrix.net/fp/clear.png?org_id=po639cr6&session_id=1ntvrb1lvje8joel3iysbmh&k=1
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Length
0

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banco BHD (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

1 Cookies

Domain/Path: h.online-metrix.net/
Name: thx_guid
Value: 96c209fc05944309a911fd8ecbf06f53

2 Console Messages

Source: network | Level: error | URL: http://tantw.buzz/datosm/mashup_ra_collection
Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Source: network | Level: error | URL: http://tantw.buzz/datosm/clear(7).png
Message: Failed to load resource: the server responded with a status of 404 (Not Found)